Commit 6d466733 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Validate allowed keys only in new CI config

parent 7cef4f19
...@@ -4,15 +4,6 @@ module Ci ...@@ -4,15 +4,6 @@ module Ci
include Gitlab::Ci::Config::Node::LegacyValidationHelpers include Gitlab::Ci::Config::Node::LegacyValidationHelpers
DEFAULT_STAGE = 'test'
ALLOWED_YAML_KEYS = [:before_script, :after_script, :image, :services, :types, :stages, :variables, :cache]
ALLOWED_JOB_KEYS = [:tags, :script, :only, :except, :type, :image, :services,
:allow_failure, :type, :stage, :when, :artifacts, :cache,
:dependencies, :before_script, :after_script, :variables,
:environment]
ALLOWED_CACHE_KEYS = [:key, :untracked, :paths]
ALLOWED_ARTIFACTS_KEYS = [:name, :untracked, :paths, :when, :expire_in]
attr_reader :path, :cache, :stages attr_reader :path, :cache, :stages
def initialize(config, path = nil) def initialize(config, path = nil)
...@@ -102,21 +93,11 @@ module Ci ...@@ -102,21 +93,11 @@ module Ci
def validate_job!(name, job) def validate_job!(name, job)
raise ValidationError, "Unknown parameter: #{name}" unless job.is_a?(Hash) && job.has_key?(:script) raise ValidationError, "Unknown parameter: #{name}" unless job.is_a?(Hash) && job.has_key?(:script)
validate_job_keys!(name, job)
validate_job_types!(name, job) validate_job_types!(name, job)
validate_job_stage!(name, job) if job[:stage] validate_job_stage!(name, job) if job[:stage]
validate_job_dependencies!(name, job) if job[:dependencies] validate_job_dependencies!(name, job) if job[:dependencies]
end end
def validate_job_keys!(name, job)
job.keys.each do |key|
unless (ALLOWED_JOB_KEYS + %i[name]).include? key
raise ValidationError, "#{name} job: unknown parameter #{key}"
end
end
end
def validate_job_types!(name, job) def validate_job_types!(name, job)
if job[:tags] && !validate_array_of_strings(job[:tags]) if job[:tags] && !validate_array_of_strings(job[:tags])
raise ValidationError, "#{name} job: tags parameter should be an array of strings" raise ValidationError, "#{name} job: tags parameter should be an array of strings"
......
...@@ -9,6 +9,11 @@ module Gitlab ...@@ -9,6 +9,11 @@ module Gitlab
include Configurable include Configurable
validations do validations do
validates :config, allowed_keys:
%i[tags script only except type image services allow_failure
type stage when artifacts cache dependencies before_script
after_script variables environment]
validates :config, presence: true validates :config, presence: true
validates :name, presence: true validates :name, presence: true
validates :name, type: Symbol validates :name, type: Symbol
......
...@@ -46,6 +46,16 @@ describe Gitlab::Ci::Config::Node::Job do ...@@ -46,6 +46,16 @@ describe Gitlab::Ci::Config::Node::Job do
end end
end end
end end
context 'when unknown keys detected' do
let(:config) { { unknown: true } }
describe '#valid' do
it 'is not valid' do
expect(entry).not_to be_valid
end
end
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment